Group

group

The Group object represents a collection or association of entities, such as users, policies, or devices. It serves as a logical grouping mechanism to organize and manage entities with similar characteristics or permissions within a system or organization, including but not limited to purposes of access control.

Attributes

CaptionNameTypeDescription
DescriptiondescString

The group description.

DomaindomainString

The domain where the group is defined. For example: the LDAP or Active Directory domain.

NamenameString

Entity:GROUP_OBJECT_NAME
The group name.

PrivilegesprivilegesString[]

The group privileges.

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

Account TypetypeString

The type of the group or account.

Unique IDuidString

Entity:GROUP_OBJECT_UID
The unique identifier of the group. For example, for Windows events this is the security identifier (SID) of the group.

UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

Relationships

Group shown in context

Inbound Relationships

These objects and events reference Group in their attributes:

Outbound Relationships

Group references the following objects and events in its attributes:

This page describes ocsf-1.4.0